NSA Official Tells UMUC Students About Growing Cybersecurity Threats

Cyber crime is becoming more sophisticated and disruptive. The nation is facing a shortage of trained cybersecurity professionals to protect and secure critical infrastructure and information systems, the director of National Security Agency’s Information Assurance Directorate told more than 500 UMUC cybersecurity students, alumni and professionals from military, government and industry.

“Everything malicious is speeding up,” the NSA’s Debra Plunkett said in a Webinar hosted on March 14 by the UMUC Center for Security Studies. “We are seeing new malware being developed at unprecedented rates.”

Problems are accelerating, she said, because evolving technologies provide numerous new avenues to access the Internet.

“Most citizens have multiple computers, multiple printers, mobile phones, tablets, televisions and even cars that are connected to the Internet at some given time,” she said. “Every device you own that is connected to the Internet ultimately provides an access point that potentially exposes your personal and business information to theft.”

Just between 2007 and 2012, the number of e-mail messages per day jumped from 97 billion to 419 billion, she said, and the number of Google searches escalated from 1.2 billion to 4.7 billion a day.

And people now are spending more time on apps than they are surfing the Internet, she said. For instance, the iPhone has about a half million apps and Android about 280,000.

Facebook has up to a billion users worldwide with about half of them logging on daily, she said. In the United States alone, there are an estimated 204 million e-mail users and 160 million Facebook users.

In the face of such growth, Ms. Plunkett said, the United States is “losing ground” to cyber espionage, sabotage and thefts that are costing the country billions of dollars and posing serious threats to national security.

Hacktivists, criminals and nation-states are becoming more purposeful, not just to steal information, but also causing disruption and destruction to systems, she said. She described sophisticated tools and techniques from our adversaries that are designed to bypass standard security practices and “offer our adversaries ongoing access to our system.”

“The threat to our nation’s critical infrastructure is real,” she said. “It is our responsibility to prepare the next generation of cyber experts to ensure we continue to have confidence in our defenses that will allow the American people to sleep at night.”

The nation, she said, must focus on creating a larger, more technically diverse cyber workforce to meet these challenges. Assisting academic institutions to create these programs, she said, is “one of our highest priorities.” And the programs, she said, must extend to elementary schools to ensure students are prepared to operate safely on the Internet and to identify those who might be interested in a cybersecurity career.

But cybersecurity will not be effective unless the private sector and the government can collaborate to share information and to voluntarily cooperate to develop and deploy cybersecurity standards.

President Obama has issued an executive order to enhance the security of critical infrastructure as a first step. Next, Congress must enact legislation that removes the statutory barriers to cybersecurity information sharing.